Enterprise Records Management Systems


Enterprise Records Management Systems











PDF version of this report
You must have Adobe Acrobat reader to view, save, or print PDF files. The reader
is available for free
download.

Enterprise Records
Management Systems

by Faulkner Staff

Copyright 2022, Faulkner Information
Services. All Rights Reserved.

Docid: 00011150

Publication Date: 2207

Report Type: TUTORIAL

Preview

The term Enterprise Records Management System (ERMS) refers to software for
providing systematic, orderly administration of information
throughout its lifecycle – from creation and receipt to final disposition. This
type of application also
prescribes practices for classifying, retaining, using, producing, and
protecting material. ERMS is a subset of
Enterprise Content Management (ECM) and pertains to content that satisfies the
basic definition of an enterprise record. This tutorial examines some of
the top considerations when implementing an ERMS.

Report Contents:

Executive Summary

[return to top of this report]

An ERMS (enterprise records management system) offers a subset of
ECM (enterprise content management) that pertains only to information that
satisfies the basic definition of an enterprise record, which can consist of data or
other information that represents or helps describe the state of an operation at one
or more specific points in time. Enterprise records are often stored and indexed in
some formal manner for later retrieval in order to address needs and issues associated
with accounting, auditing, compliance, litigation, or knowledge management.


Related Faulkner Reports
Records Management Systems Market
Trends
Enterprise Content Management Software Market
Trends

ERMS software provides a systematic, orderly administration of
such material throughout the lifecycle: from creation/receipt to final
disposition. It also prescribes best practices for classifying, retaining,
using, producing, and protecting material. In general, enterprise records
management pertains only to information that satisfies the basic definition of
an enterprise record.

In most cases, an enterprise record is generated by the organization, making
it the item’s only official source. As such, the enterprise is responsible for
maintaining its records in accordance with its own policies and with regulatory
requirements. The need to
discharge this responsibility, therefore, makes the development and/or
investment in a reliable ERMS all the more important.

Common Features

According to Microsoft1, an enterprise records management system
necessitates elements such as:

  • Content Analysis – Describes and categorizes
    potential records, providing source locations and describing how content
    will move to the records management application.
  • File Plan – Details type of record, how and
    where it should be retained, applicable policies surrounding them, the
    manner in which it should be disposed, and who is responsible for managing.
  • Compliance Requirements – Defines rules to
    which IT systems must adhere to ensure compliance, in addition to
    methods used to ensure the participation of enterprise team members.
  • Collection Methods – For records that are no longer
    active.
  • Auditing Method – For active records.
  • Record Metadata Capture Method – Including audit
    and retention history.
  • Record Holding Process – suspends disposal
    when events such as litigation occur.
  • Handling System – Monitors and reports
    records to ensure employees continue to file, access, and manage records
    according to defined policies and processes.

Pressures

Traditionally, the process of selecting an ERMS software solution includes a close – almost
exhaustive – examination of enterprise requirements, from costs to continuity to
compliance. Figure 1 outlines the major business pressures that enterprise
officials must consider in weighing various software options.

Figure 1. Pressures Affecting the ERMS Selection Process

Figure 1. Pressures Affecting the ERMS Selection Process

Source: HP
(archived via Records.com)

ERMS Software Options

Companies that offer ERMS options include:

  • OpenText Records Management — purchased Dell EMC’s Enterprise Content
    division
  • Micro Focus Content Manager and Content Manager Select
  • IBM Records Manager
  • Microsoft 365 Records Management
  • Oracle WebCenter Content

Description

[return to top of this report]

An ERM (enterprise records management) system
affords an organization several benefits, among them improved:

  • Information Access – For developing more targeted sales campaigns
  • Legal, Regulatory, and Audit Compliance – Supporting
    e-discovery-based records-on-demand
  • Cost reduction – Cuts cost associated with storing records by eliminating redundant
    or overlapping records repositories, then retrieving them by mapping
    their precise location

Figure 2 looks at the necessities in selecting an ERMS, as dictated by the
International Standards of Records Management ISO 15489.2

Figure 2. ERMS Necessities

Figure 2. ERMS Necessities

Source: HP (archived via Records.com)

Current View

[return to top of this report]

ERMS Drivers

A survey conducted by Forrester Research3 in collaboration with ARMA
International identified three primary factors driving the adoption of ERM:

  • Regulatory Requirements and E-Discovery – Enterprise
    executives consistently rank regulatory compliance among their top business
    management concerns
  • Content and Application Types – Cloud-based, social,
    Web-based, and mobile sources of content
  • Rise of SharePoint – Enterprise adoption continues to
    grow

ERMS Standards

As with all enterprise disciplines, ERM is traditionally governed by international standards. Today, the principal international records
management standard is the International Organization for Standardization
(ISO) 15489: Information and documentation – Records
management. Published in 2001, ISO 15489 emphasizes the management
of both paper and electronic records (including forms like e-mail).4

Table 1 takes a look at the ISO 15489 document.

Table 1. ISO 15489

Part

Description

Part 1: General

Provides a high-level framework for record-keeping.

Addresses the benefits of records management,
regulatory considerations affecting its operation, and the importance of
assigning of responsibilities for record keeping.

Discusses high-level records management requirements, the design of
record-keeping systems, and actual processes involved in records management,
such as record capture, retention, storage, access, etc.

Discusses records-management audit operations and training requirements for all staff of an organization.

Part 2: Guidelines

Provides practical and more detailed guidance about
how to implement the framework outlined in Part 1.

Provides practical guidance about the development
of records processes and controls, and specifically addresses the development of
key record-keeping instruments, such as disposal authorities,
security, and access-classification schemes.

Discusses the use of these tools to capture,
register, classify, store, provide access to, and otherwise manage
records.

Provides specific assessment regarding the
establishment of monitoring, auditing, and training programs to promote and
effectively implement records management within an organization.

In 2017, the ISO released its latest update to the ISO/TC 46/SC 11. This refresh focused on
working to convert and expand the single terminology standard. Effective with this update, the title of ISO 30300 was changed to "ISO 30300:
Records management: Core concepts and vocabulary."

Outlook

[return to top of this report]

Paper Records

Even today, many vital records exist
only on paper. For example, one of the major impediments to sharing health
information – a process that promises to reduce health administration costs
and improve patient care – is paper or hardcopy-based patient files. Rendering these
files into an electronic form through document imaging or other means should be
an essential element of enterprise records management. At minimum, the
enterprise records management system should track all critical paper
records.

Mobile Records

While most enterprise records still
reside on enterprise mainframes or large central servers, an ever-growing
percentage of records are housed on hard drives, smartphones, laptops, tablets, and other
off-data center devices. The enterprise records management system should
account for enterprise records regardless of their location.

Big Data

The term “Big Data” refers
to the massive amounts of data generated on a daily basis by businesses
and consumers alike – data that cannot be processed using conventional data
analysis tools owing to its sheer volume and, in many case, its unstructured
nature. Convinced that such data holds the key to improved productivity and
profitability, enterprise planners are searching for tools capable of processing
Big Data, and information technology providers are developing better
solutions to accommodate new Big Data market opportunities. There is real value
in Big
Data,
provided next-generation tools are developed to efficiently and
economically store and process the text, audio, video, and other complex
information that surround
and pervade enterprise operations.

Enterprise planners should invest in enterprise records
management systems that are scalable enough to accommodate the explosion
of Big Data.

Laws & Regulations

Another major consideration is that records management must account for legal
and regulatory needs. Records
management regulations help improve an enterprise’s overall records management
posture. The ERMS should help enterprise
members to adhere to – and document compliance with – all relevant records statutes, including,
but not limited to:

  • Securities
    and Exchange Commission (SEC) Rule 17a-4     – Requires stock brokers
    and dealers to retain all proof of electronic communication with clients
    for at least three years, the first two years in an “accessible
    place.”
  • Financial Industry Regulatory Authority (FINRA) Rule 3110
    – a.k.a.,
    the National
    Association of Securities Dealers (NASD) Rule 3110     – Requires that
    member firms implement a retention program for all correspondence –
    including e-mails – that involves registered representatives.
  • Sarbanes-Oxley
    Act of 2002 (SOX)     – Compels CEOs and CFOs
    of publicly-traded companies to attest to the accuracy of financial statements. Retaining business e-mail is considered
    essential to SOX compliance.
  • Federal
    Rules of Civil Procedure     – Effective December 1, 2006, amended to establish a new form of
    discoverable data called “electronically stored information” (ESI),
    as well as to prescribe procedures for handling electronic evidence such
    as e-mails.
  • National
    Archives and Records Administration     – Subchapter B, Parts 1234.32
    and 1234.34 of the NARA Code of Federal Regulations establish the basic
    rules for retaining federal electronic records, including e-mail
    records.
  • Health
    Insurance Portability and Accountability Act of 1996 (HIPAA)
    Enacted to ensure the privacy and security of health information,
    particularly “electronic protected health information” (EPHI),
    the HIPAA Security Rule addresses, among other concerns, the protection
    of EPHI-related e-mails.
  • Uniting
    and Strengthening America by Providing Appropriate Tools Required to
    Intercept and Obstruct Terrorism Act of 2001 (USA Patriot Act)
    Expands the authority of US law enforcement for the stated purpose of
    fighting terrorist acts in the United States and abroad, including the
    interception and inspection of enterprise e-mail.
  • Gramm-Leach-Bliley
    Act of 1999 (GLBA)     – Enacted to ensure the privacy and security of
    personal financial information, the GLBA Safeguards Rule incorporates
    e-mail security.

Recommendations

[return to top of this report]

Prior to developing or acquiring an ERMS system, enterprise planners should
focus on the following foundation:

  • Defining which enterprise content
    qualifies as an enterprise record (or records).
  • Creating a classification scheme,
    separating enterprise records into categories (like “enterprise
    confidential”) according to their value (as in the case of intellectual
    property) or their sensitivity (as in customer or employee records).
  • Assigning an owner to all enterprise
    records or record types. The owners will be accountable
    to the enterprise in the event any records are compromised.
  • Conducting enterprise records
    inventory, identifying the location and classification of all
    enterprise
    records. This includes laptops, netbooks, PDAs, CDs, Flash drives,
    smartphones, tablets, ultrabooks, and other non-central data stores.
  • Performing a separate inventory for
    paper or hard-copy records, which are often overlooked, especially by IT
    staff.
  • Consulting with general counsel to
    determine any legal or regulatory obligations relative to enterprise
    records, in addition to establishing a separate classification for records
    that might be
    subject to e-discovery orders.
  • Evaluating enterprise security
    infrastructure to ascertain whether any records are at risk,
    whether because they are lost, stolen, modified in an unauthorized manner, destroyed, or
    misappropriated.
  • Affecting new or improved security measures as appropriate.
  • Estimating the capacity/performance impact of Big Data initiatives.
  • Cooperating with IT officials to understand the effects of server
    and storage
    virtualization initiatives on enterprise records management requirements.
  • Fashioning an ERMS Requirements list, detailing how a prospective
    system should
    function.
  • Using ERMS Requirements as
    a basis for developing a system, or as
    specifications for purchasing an ERMS.
  • Developing policy, in concert with acquiring an ERMS, to govern
    the use of ERMS within the context of an Enterprise Records Management
    Program.
  • Creating a policy for managing non-record enterprise data, with
    an emphasis on minimizing such data.
  • Rationalizing policy and associated practices with the Enterprise
    Records Management Policy.
  • Reviewing the Enterprise Records Management Policy and other
    data/information management policies on an annual basis to ensure
    continued relevance and effectiveness.

Information Governance

Even though enterprise records management is a subset of ECM, some
enterprises choose not to practice both disciplines. In some cases, records
management can be fully integrated into ECM or, conversely, ECM operations can
be integrated into it. In other cases, an enterprise may eschew
the two disciplines in favor of legacy models such as “information
management”
or “data management.”

References

[return to top of this report]

  • 1 “What Is Records Management?” Microsoft TechNet. February 26, 2009.
  • 2 “ISO 15489-1: 2016 (Records management).” International Organization for Standardization. April 2016.
  • 3 Hill, Brian. “Forrester Research/ARMA International Survey: RM Tech Deployment Still a Rough Road.” Forrester Research. September-October 2011.
  • 4 Bradley, Martin. “ISO 15489: A Practical Guide.” eGov Monitor. June 16, 2005.

[return to top of this report]

[return to top of this report]